The Un-Official Proxomitron Forum
mediafire downloads - Printable Version

+- The Un-Official Proxomitron Forum (https://www.prxbx.com/forums)
+-- Forum: Proxomitron Config Sets (/forumdisplay.php?fid=43)
+--- Forum: Sidki (/forumdisplay.php?fid=44)
+--- Thread: mediafire downloads (/showthread.php?tid=1644)

Pages: 1 2


mediafire downloads - eclipse - Aug. 17, 2010 01:49 AM

I needed to download some file from Mediafire, and couldn't unless I bypassed proxo (using sidki's alpha4). So I started to play around a bit, and finally came up with this addition to my Exceptions-U (proxo was messing with function names in some inline javascript):

Code:
www.mediafire.com/        $SET(0=a_jsprop.)

Example link: http://www.mediafire.com/?uo1ywm1yzt3nhty

I don't know if it's the best way to solve it...
Comments/suggestions are welcome!


RE: mediafire downloads - fpout - Aug. 17, 2010 04:59 PM

The blocking filter is

Block/Modify: Sel. JS Properties 07.04.02 [sd] (d.2)

As I do not like to add too many exceptions, I just UNTICK this WEBFILTER whenever I have to DL smthg from MEDIAFIRE

Regards.


RE: mediafire downloads - ProxRocks - Aug. 17, 2010 05:21 PM

(Aug. 17, 2010 01:49 AM)eclipse Wrote:  
Code:
www.mediafire.com/        $SET(0=a_jsprop.)

seems to be working perfectly for me...
many thanks for the catch - i "was" doing an "a_js" for mediafire when i didn't need to go that far after all...


RE: mediafire downloads - eclipse - Aug. 18, 2010 12:40 AM

(Aug. 17, 2010 05:21 PM)ProxRocks Wrote:  many thanks for the catch - i "was" doing an "a_js" for mediafire when i didn't need to go that far after all...

Hey, thanks ProxRocks, you are making me feel even prouder! I'm glad to be of help.


RE: mediafire downloads - sidki3003 - Aug. 22, 2010 10:13 AM

I've added that entry to the general exception list.


RE: mediafire downloads - fpout - Aug. 23, 2010 05:31 PM

I just tried adding
Code:
www.mediafire.com/        $SET(0=a_jsprop.)

either to Exceptions or Exceptions-U with No success.

The link to download doesn't appear unless I untick the filter

Block/Modify: Sel. JS Properties 07.04.02 [sd] (d.2).

This makes the download box always appear.

(last alpha config, all last updates, including google complete, advanced mode).

It's something with the $SET(0=a_jsprop.) probably. I remember having had the same issue with another site not freed by this keyword.

How comes ???


RE: mediafire downloads - sidki3003 - Aug. 23, 2010 09:34 PM

The respective filters/lists definitely obay to their keywords.

From what i can imagine, there are three causes left that can cause keywords to not kick in immediately:
-1- The browser cache isn't cleared.
-2- Proxomitron was still observing open connections. In this case, edited lists aren't reloaded, but you have to do it manually, e.g. via the tray icon context menu: Add to List -> Reload Lists (or similar).
-3- User modifications to the config are breaking functionality: In release configs there is a fallback config file for such situations, called sidki_oob.ptron.


RE: mediafire downloads - fpout - Aug. 23, 2010 11:48 PM

Hello Sidki, thanks for your quick answer!

I did a few quick tests to check:

Same problem with:
- browser freshly restarted, every session data cleared (as I always do when experimenting)
- browser cache absolutely emptied (as I always do in case of doubt)
- Active connections: 00
- Config systematically forced to reload
- Log window always open (on left margin of my left monitor): I use it to constantly monitor what's going on with internet

Same with: Firefox 3.019 - Chromium latest - Opera 9.64

Same with these configs taken oob from your zips:
- sidki_oob.ptron and sidki_2009-02-13.ptron from prox-config-sidki-2009-02-13.zip

But ... it WORKS (download link box appears) with the "sidki_2009-05-24.ptron" as taken oob from the "prox-config-sidki-2009-05-24-alpha.zip".

So, some modif I made in my config, some additional filter I suppose, is responsible for it. I'll throw an eye as soon as I'll have a few hours.

Anyhow, I just have to untick that filter whenever I wanna download from mediafire till I find the culprit.


RE: mediafire downloads - fpout - Aug. 24, 2010 01:54 AM

Worked hard, but finally picked up the culprit:

It was a Header filter whose name was:
Code:
Key = "URL :0_3.4 Kill tracking scripts (Ghostery) {ln}090316 TEST"

and it's its mere name that was causing the issue !

I renamed it ...
Code:
"X-URL:0_3.4 Kill tracking scripts (Ghostery) {ln}090316 (out) TEST"

and -wonder- it worked like a charm: mediafire DL-link-box show up (with it's exception listed in ExceptionU.ptxt, of course)

I'm amazed at the susceptibility of Proxo about Header-filters' names!


RE: mediafire downloads - ProxRocks - Aug. 24, 2010 04:46 AM

maybe it's not the "name" of the header filter, but that entire header filter?

could it be that EVERY header filter parsed "after" that filter is NOT working? and by renaming it, you've only effected "where" that point in the header list is whereby everything AFTER it is no longer working?


RE: mediafire downloads - fpout - Aug. 24, 2010 01:00 PM

(Aug. 24, 2010 04:46 AM)ProxRocks Wrote:  maybe it's not the "name" of the header filter, but that entire header filter?

could it be that EVERY header filter parsed "after" that filter is NOT working? and by renaming it, you've only effected "where" that point in the header list is whereby everything AFTER it is no longer working?

Hello ProxRocks,

I was tempted to this immediate reply that everything seems to work well in my config by now, but to clear it up, as this new name sent the filter to the end of the list, I did a few trials:

Renamed the filter from
Code:
"X-URL:0_3.4 Kill tracking scripts (Ghostery) {ln}090316 (out) TEST"
to:
Code:
"!woof:0_3.4 Kill tracking scripts (Ghostery) {ln}090316 (out) TEST"
and saved/reloaded/save/ etc... the config, so that the filter is now near the top, just below the last of the
! :.Set Header Variables 09.07.04 [sd] (d.r) (In) filters

... and as far as the few pages I visited after that, the whole config seems to work as neatly as possible, included Mediafire & co.

It seems to really be the name of the filter that was the cause. EVERY filter beyond is working normally AFTER I renamed my "ghostery" filter ...

Here is the full text of that filter, which catches some more crap sites I extracted from the Firefox Ghostery addon list.
Works fine. Doesn't seem to be that useful, but gets touched from time to time.

Code:
[Blocklists]
List.Ghostery = "..\Lists\Ghostery.txt"

[HTTP headers]
In = FALSE
Out = TRUE
Key = "!URL Killer: Kill tracking scripts (Ghostery) {ln} 090316 (out) TEST"
URL = "(^local.ptron)"
Match = "((\w)\0|*((^(http|ftp)://|//)(http|.|/)\w)\0)$TST(\0=(.|/|)($LST(Ghostery))\9*)"
Replace = "$ADDLST(debug,0_3.4  Kill tracking scripts (\4)\t$DTM(Y/M/D H:m:s't)\t$GET(uDom)\t$GET(uExt)\t$GET(ContentType)\t$GET(Resp)\t$GET(ContentLength)\t\u\t\9\t\1\t\3) $LOG(R$DTM(c),0_3.4  Kill tracking scripts (\4): \u) $ALERT(Ghostery - Touched = \u) \k"

Added "$ALERT(Ghostery - Touched = \u)" to be advised when the filter is triggered - To be removed if annying.

I attach the list of sites to filter, if smbdy' interested.

-------------- EDIT --------------
Credit =
Couldn't remember where I got that filter from. A quick Googling gave me the answer: It's an Inminente filter from:
http://prxbx.com/forums/archive/index.php/thread-1312.html (page bottom) 17-03-2009
-----------------------------------


RE: mediafire downloads - ProxRocks - Aug. 24, 2010 01:21 PM

ah, interesting...

why don't you just block ALL scripts "by default"?
then only allow 'script kiddies' to do their 'thing' on an "as needed" basis?


i've been doing that for several years now and it's been a godsend...
during that span, there have been "several" coworkers that have needed full reinstalls due to web browsing "scripts" (primarily stemming from "college humor" types of website, nothing "x-rated")...

the script-crippling that "crashed" these several company machines were not isolated to any "browser" (IE8 and Firefox were BOTH "hit")...

blocking scripts kept me safe even though i browse the same "college humor" types of web sites...

Comodo Firewall (the OLD version, v2.4.18.184) kept me safe from the "creepy crawlies" that then infiltrated our server...

we ran "TDSSKiller" (from Kaspersky) on ALL of our machines and i was the ONLY one that it didn't find anything on - (i even got a free lunch out of the IT guy, "i'll bet you today's lunch that my PC is CLEAN!")...


anymore nowadays, "script blocking" is MORE important than running "antivirus" software !!!


</ two cents>


RE: mediafire downloads - fpout - Aug. 24, 2010 04:05 PM

ProxRocks : In fact I've been confronted to a similar problem in the past. There are several "reserved" words for the names of Header filters. Proxo is "broken" if by misuse I named a filter BEGINNING with a standard TCP/IP header like

KEY = "User-Agent: ..." or KEY = "URL:" and if the content of the filter is NOT relative to treatment of THAT header.

I believe that beginning the name of the guilty filter by "URL ..." was a bad idea, as it was not directly dealing with the URL header. Or smthg like that.
Anyhow, just changing the name to begin by a non-reserved word does the trick, independantly from the real content of the filter.

--------

Besides, you're indeed absolutely right about danger on the net, ProxRocks, and I use to go with "! |||||||||||| 7.1 Block all Scripts 07.03.20 [sd] (o.3) (Out)" turned ON when navigating on risky sites, but it's really a pain, breaking almost all pages nowadays, impossible (for me) to use on regular everyday' surf.

I have some (semi-paranoïd, I believe) protection, however:

Outpost firewall, very configurable, easy and confortable (dropped Comodo 2 and never liked Comodo 3, really boring). Outpost learns my way of surfing and is very reliable. NO Antivirus is needed with it!
Surfing is very confortable, and a check of my machines every now and then with usual malware checker seems enough for me.
Never had a single alert for more than 10 years on 2 to 6 computers. Behind a NAT router.

Using KyeU's excellent filter "Kill Suspect EXTENSION" = saved my computer more than once !

NoScript (fox addon) normally always on, complements Proxo to block "all" scripts in a souple way, customisable with a mouse clic

Systematically killing favicon requests
Systematically Alert box (Yes-No) on any flash (or equivalent) request
Systematically blocking ANY "Suggest ..." from any search engine
Systematically blocking ANY outbound comm towards any Microsoft IP
Systematically killing ALL Mozilla prefetch (Firefox connects hiddenly to EVERY url merely hovered - not even selected - while the Bookmarks Library window is opened!)

Routinely spoofing Via, User-Agent, X-forwarded-for (Jak's way). Not a real protection, but complicates tracking.
All surfing data cleared at browser closure, and now & then during surfing.

Using Fox phProxy addon, handy to turn a proxy on instantly from bookmarks.

Using KMeleon directly connected to Web in SANDBOXIE (sandbox immediately destroyed as soon as surf is ended) when having problems with Proxo (some sites check if Proxo connected & refuse connection) and if direct connection is required by a site to allow login.

Any automatic update turned OFF for ALL software.

Finally, I use only STAND-ALONE programs, (except about a dozen major ones that do not have equivalents sta.), parked on another partition (not "C"), and

with PARTIMAGE, I re-install a fresh WINDOWS from an absolutely CLEAN archive every 2-3 month. It's not a big problem to update, as I only have a few softs installed in "Program Files" : mostly Outpost (the only one auto-updated, of course) - "Sandboxie" - K-Lite - MalwareBytes - Winrar


RE: mediafire downloads - ProxRocks - Aug. 24, 2010 04:37 PM

couldn't agree more!...

i think we might be twins, lol...

a) nLite'd fresh installs every 2 to 3...
b) no "suggest" crap-ola...
c) block ANY and ALL phone-home auto-updates...
d) blocking favicon's (i thought i was alone on this one, lol)...
e) "iexplore.exe" is blocked ALL access (IE "clones" work withOUT "iexplore.exe"!)...
f) "firefox.exe" is NOT allowed ANY TCP 'connections'...
g) the ONLY executable 'allowed' access to Port 53 is Proxo !!!
h) very limited "installs", almost everything has been "portablized"...
i) NEVER install to an installer's "default" directory location...
j) and the most IMPORTANT, svchost.exe is NOT given "free reign" (in fact, it is denied ALL access to the internet if i'm "wired", i have to allow a "few" items for my wireless)...


i grant that blocking scripts is a 'nuisance' AT FIRST, but you get used to it Big Teeth
and ya can always allow "some" sites to do their scripting Smile!


edit: gasp! you installed Outpost to "Program Files"?! YIKES! lol...


RE: mediafire downloads - fpout - Aug. 24, 2010 05:21 PM

a-b-c-d-e- Yes,yes,yes

f) "firefox.exe" is NOT allowed ANY TCP 'connections'...
Yes, NO TCP except localhost/local LAN, but quite hard to keep, with mozilla addons to update and visit !

g) the ONLY executable 'allowed' access to Port 53 is Proxo !!!
... never tried, seems nice, gonna give a try some day

h) very limited "installs", almost everything has been "portablized"...
i) NEVER install to an installer's "default" directory location...
... so do I
svchost.exe, absolutely agree ! though I had a hard time trying to find what to allow exactly !

Quote:edit: gasp! you installed Outpost to "Program Files"?! YIKES! lol...
No way else, only works from there I think.

In fact, you know, You and Odissey are the ones who (through all your posts) really opened my eyes on what a prey and how much vulnerable we can be on the web ...

Not talking about cross-reference tracking, history stealing, etc, like here explained here : http://panopticlick.eff.org/

I think anyone should start from that excellent collection of stand-alones: http://www.liberkey.com/en/catalog/browse.html
and for portabilizing, I find AutoHotkey (included in LIBERKEY) and AutoIt are very handy. What do you use ?